US8102847B2 - Frame processing method and frame processing apparatus - Google Patents

Frame processing method and frame processing apparatus Download PDF

Info

Publication number
US8102847B2
US8102847B2 US12/096,702 US9670206A US8102847B2 US 8102847 B2 US8102847 B2 US 8102847B2 US 9670206 A US9670206 A US 9670206A US 8102847 B2 US8102847 B2 US 8102847B2
Authority
US
United States
Prior art keywords
address
data link
link layer
network
layer frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12/096,702
Other languages
English (en)
Other versions
US20090245251A1 (en
Inventor
Toshio Koide
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Assigned to NEC CORPORATION reassignment NEC CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KOIDE, TOSHIO
Publication of US20090245251A1 publication Critical patent/US20090245251A1/en
Application granted granted Critical
Publication of US8102847B2 publication Critical patent/US8102847B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/16Multipoint routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/54Organization of routing tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming

Definitions

  • the present invention relates to a frame processing method and a frame processing apparatus, and more particularly to a frame processing method and a frame processing apparatus which can achieve conversion of a broadcast frame or a multicast frame into unicast frames and transmission only to a preauthorized terminal.
  • terminals home information appliance devices
  • LAN Local Area Network
  • various services for performing remote control by connecting away from home to those terminals via a transit network such as the Internet, for sharing information such as pictures or movies with each other via connection between homes, or for enjoying real-time games.
  • a terminal 30 and a terminal 31 are connected to a LAN 11 , which is connected to a transit network 10 such as the Internet via a frame processing apparatus 20 .
  • the frame processing apparatus 20 has a tunneling part 41 for configuring a communication tunnel.
  • a terminal 36 has a tunneling part 42 .
  • a communication tunnel is configured in the transit network 10 between the tunneling part 41 and the tunneling part 42 .
  • the terminal 36 which is connected to the transit network 10 , can access each of the terminals 30 and 31 in the LAN 11 via the communication tunnel.
  • external terminals accessible to the terminals 30 and 31 connected to the LAN 11 can be limited to the terminal 36 in which the communication tunnel has been configured via the frame processing apparatus 20 .
  • the terminals connected to the LAN 11 cannot be grouped such that communication is allowed between the terminal 36 and the terminal 30 but not between the terminal 36 and the terminal 31 .
  • the frame processing apparatus 20 needs to send the frame to the LAN 11 , so that the frame is inevitably received by the terminal 31 other than the authorized terminal 30 .
  • a unicast MAC address is uniquely identified by a multicast MAC address
  • a plurality of external terminals 36 are connected to the frame processing apparatus 20 via the transit network 10 , multicast frames sent from all of the external terminals are equally converted into unicast frames. Therefore, specific terminals cannot be grouped such that only a multicast MAC address from a specific external terminal is transmitted to a specific terminal 30 with unicast.
  • An object of the present invention is to provide a frame processing method and a frame processing apparatus which allow only a preauthorized terminal to receive and process a frame without use of virtualization technology for LAN, such as VLAN, and without any special processing in the terminal even if a destination address of an Ethernet frame has been designated as a broadcast address or a multicast address.
  • a frame processing method includes a step of converting a data link layer frame obtained from a first network and having a destination address designated as a multiple address into one or more data link layer frames in which the destination address is replaced with each of one or more unicast addresses that are associated in advance with a source address of the data link layer frame; and outputting the converted data link layer frames to a second network.
  • the frame processing method includes a step of receiving an encapsulated network layer packet from the first network and decapsulating the received network layer packet to obtain the data link layer frame.
  • the frame processing method includes a step of directly outputting a data link layer frame whose destination address has been designated as other than a multiple address to the second network.
  • the frame processing method includes a step of, if a set of a destination address and a source address of a data link layer frame received from the second network is matched with a predetermined set of a destination address and a source address, or if the destination address of the data link layer frame has been designated as a multiple address and the source address of the data link layer frame is matched with one or more predetermined source addresses, then validating the data link layer frame, otherwise discarding the data link layer frame; and a step of, if the destination address of the valid data link layer frame has been designated as a multiple address, encapsulating the data link layer frame into at least one network layer packet whose destination address is set to be at lease one tunneling destination address predetermined for the source address of the data link layer frame, or, if the destination address of the valid data link layer frame has not been designated as a multiple address, encapsulating the data link layer frame into a network layer packet whose destination address is set to be a tunneling destination address predetermined for the set of the destination address and the source address
  • a frame processing method includes:
  • step b) a step of, if a destination address of the data link layer frame obtained in step a) has been designated as a multiple address, retrieving data from the table unit with using a source address of the data link layer frame as a key for the remote address, generating one or more frames in which the destination address of the data link layer frame is replaced with each of local addresses of one or more matched sets, and transmitting the generated frames to the second network, or, if the destination address of the data link layer frame has been designated as other than a multiple address, transmitting the data link layer frame directly to the second network;
  • a step of receiving a data link layer frame from the second network retrieving data from the table unit with using a destination address and a source address of the received data link layer frame as keys for the remote address and the local address, if there is any matched set, or if the destination address of the received data link layer frame has been designated as a multiple address and there is any matched set when retrieving data from the table unit with using the source address of the received data link layer frame as a key for the local address, then validating the data link layer frame, otherwise discarding the data link layer frame;
  • step d) a step of, if the destination address of the data link layer frame validated in step c) has been designated as a multiple address, retrieving data from the table unit with using the source address of the data link layer frame as a key for the local address and encapsulating the data link layer frame into at least one network layer packet whose destination address is set to be each of different tunneling destination addresses of one or more matched sets, or, if the destination address of the data link layer frame validated in step c) has not been designated as a multiple address, retrieving data from the table unit with using the destination address and the source address of the data link layer frame as keys for the remote address and the local address and encapsulating the data link layer frame into a network layer packet whose destination address is set to be a tunneling destination address of the matched set, and transmitting each packet to the first network.
  • step a) and step b) may be combined so as to hold the retrieval result of the table unit with performing only one retrieval.
  • the data link layer frame be an Ethernet frame
  • the network layer packet be an IP packet
  • the multiple address be a broadcast address or a multicast address of an Ethernet
  • each of the local address and the remote address in the table unit be a MAC address
  • the tunneling destination address in the table unit be an IP address
  • the first network be an intranet or the Internet capable of transferring an IP packet
  • the second network be a wired or wireless LAN capable of transferring an Ethernet frame.
  • the encapsulation method and the decapsulation method used in step d) and step a) be either one of EtherIP, Ethernet over HTTPS, Ethernet over IPsec, L2TP, Ethernet over UDP, and Ethernet over TCP.
  • a frame processing apparatus has a destination processing unit operable to convert a data link layer frame obtained from a first network and having a destination address designated as a multiple address into one or more data link layer frames in which the destination address of the data link layer frame is replaced with each of one or more unicast addresses that are associated in advance with a source address of the data link layer frame and to output the converted data link layer frames to a second network.
  • the frame processing apparatus further has a decapsulation unit operable to receive an encapsulated network layer packet from the first network and decapsulate the received network layer packet to obtain the data link layer frame.
  • the destination processing unit directly outputs a data link layer frame whose destination address has been designated as other than a multiple address to the second network.
  • the frame processing apparatus further has:
  • a filter unit operable to, if a set of a destination address and a source address of a data link layer frame received from the second network is matched with a predetermined set of a destination address and a source address, or if the destination address of the data link layer frame has been designated as a multiple address and the source address of the data link layer frame is matched with one or more predetermined source addresses, then validate the data link layer frame, otherwise discard the data link layer frame;
  • a table unit holding at least one set of a local address which is a data link layer address of a terminal connected to the second network, a remote address which is a data link layer address of a terminal connected to a local network under the control of a tunneling destination apparatus, and a tunneling destination address which is a network layer address assigned to the tunneling destination apparatus on the first network;
  • a decapsulation unit operable to receive an encapsulated network layer packet from the first network and decapsulate the received network layer packet to obtain a data link layer frame
  • a filter unit operable to receive a data link layer frame from the second network, retrieve data from the table unit with using a destination address and a source address of the received data link layer frame as keys for the remote address and the local address, if there is any matched set, or if the destination address of the received data link layer frame has been designated as a multiple address and there is any matched set when retrieving data from the table unit with using the source address of the received data link layer frame as a key for the local address, then validate the data link layer frame, otherwise discard the data link layer frame;
  • an encapsulation unit operable to, if the destination address of the data link layer frame validated in the filter unit has been designated as a multiple address, retrieve data from the table unit with using the source address of the data link layer frame as a key for the local address and encapsulate the data link layer frame into at least one network layer packet whose destination address is set to be each of different tunneling destination addresses of one or more matched sets, or, if the destination address of the data link layer frame validated in the filter unit has not been designated as a multiple address, retrieve data from the table unit with using the destination address and the source address of the data link layer frame as keys for the remote address and the local address and encapsulate the data link layer frame into a network layer packet whose destination address is set to be a tunneling destination address of the matched set, and transmit each packet to the first network.
  • the decapsulation means and the destination processing means may be combined into one means so as to hold the retrieval result of the table unit with performing only one retrieval.
  • a program provides a computer with a function of destination processing means for converting a data link layer frame obtained from a first network and having a destination address designated as a multiple address into one or more data link layer frames in which the destination address is replaced with each of one or more unicast addresses that are associated in advance with a source address of the data link layer frame; and outputting the converted data link layer frames to a second network.
  • the destination processing means directly outputs a data link layer frame whose destination address has been designated as other than a multiple address to the second network.
  • filter means for, if a set of a destination address and a source address of a data link layer frame received from the second network is matched with a predetermined set of a destination address and a source address, or if the destination address of the data link layer frame has been designated as a multiple address and the source address of the data link layer frame is matched with one or more predetermined source addresses, then validating the data link layer frame, otherwise discarding the data link layer frame;
  • a program according to a sixth aspect of the present invention provides.
  • decapsulation means for receiving an encapsulated network layer packet from the first network and decapsulating the received network layer packet to obtain a data link layer frame
  • encapsulation means for, if the destination address of the data link layer frame validated in the filter means has been designated as a multiple address, retrieving data from the table with using the source address of the data link layer frame as a key for the local address and encapsulating the data link layer frame into at least one network layer packet whose destination address is set to be each of different tunneling destination addresses of one or more matched sets, or, if the destination address of the data link layer frame validated in the filter means has not been designated as a multiple address, retrieving data from the table with using the destination address and the source address of the data link layer frame as keys for the remote address and the local address and encapsulating the data link layer frame into a network layer packet whose destination address is set to be a tunneling destination address of the matched set, and transmitting each packet to the first network.
  • the decapsulation means and the destination processing means may be combined into one means so as to hold the retrieval result of the table unit with performing only one retrieval.
  • the data link layer frame be an Ethernet frame
  • the network layer packet be an IP packet
  • the multiple address be a broadcast address or a multicast address of an Ethernet
  • each of the local address and the remote address in the table unit be a MAC address
  • the tunneling destination address in the table unit be an IP address
  • the first network be an intranet or the Internet capable of transferring an IP packet
  • the second network be a wired or wireless LAN capable of transferring an Ethernet frame.
  • the encapsulation method and the decapsulation method used in the encapsulation means and the decapsulation means be either one of EtherIP, Ethernet over HTTPS, Ethernet over IPsec, L2TP Ethernet over UDP, and Ethernet over TCP.
  • the frame is converted into unicast frames whose destination addresses are set to be addresses of one or more corresponding terminals that are predetermined to accept transmission from the source address, and transmitted to a second network.
  • a frame processing method and a frame processing apparatus which allow only a preauthorized terminal to receive and process a frame without use of virtualization technology for LAN, such as VLAN, and without any special processing in the terminal even if a destination address of an Ethernet frame has been designated as a broadcast address or a multicast address.
  • LAN virtualization technology
  • VLAN virtualization technology for LAN
  • a data link layer frame whose destination address has been designated as a multiple address is converted into unicast frames whose destination addresses are set to be addresses of one or more corresponding terminals that are predetermined in association with a source address of the frame, and transmitted to a second network.
  • FIG. 1 is a block diagram showing a network configuration in a case where dedicated devices other than terminals employ a method of interconnecting with an entire LAN.
  • FIG. 2 is a block diagram showing a network configuration in a case where a terminal itself uses tunneling means or the like to interconnect with other terminals.
  • FIG. 3 is a block diagram showing an entire network configuration of a first exemplary embodiment of the present invention.
  • FIG. 4 is a flow chart showing operation of the first exemplary embodiment of the present invention.
  • FIG. 5 is a flow chart showing operation of the first exemplary embodiment of the present invention.
  • FIG. 6 is a block diagram showing an entire network configuration of a second exemplary embodiment of the present invention.
  • the entire network includes a transit network 10 operable to communicate with using IP packets, such as the Internet or a regional IP network, a plurality of local networks 11 - 13 which are broadcast domains formed by the Ethernet, a wireless LAN, or the like in home, office, or the like and are operable to communicate with using Ethernet frames, a plurality of terminals 30 - 35 connectable to the local networks 11 - 13 , and a plurality of frame processing apparatuses 20 - 22 operable to tunnel only preauthorized Ethernet frames, among Ethernet frames generated from the terminals 30 - 35 in the local networks 11 - 13 , through the transit network 10 into the other local networks 11 - 13 and to convert, replicate, and discard the Ethernet frames as needed.
  • IP packets such as the Internet or a regional IP network
  • a plurality of local networks 11 - 13 which are broadcast domains formed by the Ethernet, a wireless LAN, or the like in home, office, or the like and are operable to communicate with using Ethernet frames
  • the transit network 10 sends IP packets received from a plurality of frame processing apparatuses 20 - 22 connected to the transit network 10 , correctly to destinations designated in those IP packets. IP addresses for identifying the frame processing apparatuses 20 - 22 are used for the destinations.
  • the local networks 11 - 13 send Ethernet frames received from the terminals 30 - 35 or the frame processing apparatuses 20 - 22 connected to the local networks 11 - 13 , correctly to destinations designated in the Ethernet frames.
  • MAC addresses for identifying the terminals 30 - 35 and the frame processing apparatuses 20 - 22 are used for the destinations.
  • the MAC addresses include unicast addresses indicative of each of the terminals 30 - 35 and the frame processing apparatuses 20 - 22 , broadcast addresses indicative of all of the terminals 30 - 35 and the frame processing apparatuses 20 - 22 connected to the local networks 11 - 13 , and multicast addresses indicative of any combination of the devices.
  • the broadcast addresses and the multicast addresses are collectively referred to as multiple addresses.
  • the local network 11 - 13 includes a switching hub for performing efficient transfer of Ethernet frames with learning source MAC addresses, a wireless LAN access point for bridging communication between wireless and wired networks, radio waves, Ethernet cables, and the like.
  • Each of the terminals 30 - 35 has one NIC (Network Interface Card) unit (not shown) at a contact point with the local network 11 - 13 .
  • the NIC unit of the terminal 30 - 35 holds a MAC address as an identifier used in the local network 11 - 13 and receives Ethernet frames from and transmits Ethernet frames to the local network 11 - 13 .
  • the NIC unit discards an Ethernet frame whose destination MAC address is designated as a unicast address that is not the MAC address of that terminal.
  • the source MAC address of an Ethernet frame transmitted from the NIC unit to the local network 11 - 13 is always the MAC address of that terminal.
  • the table unit 205 , 215 , or 225 of the frame processing apparatus 20 - 22 holds one or more sets of a local address, a remote address, and a tunneling destination address in advance.
  • the tunneling destination address refers to the IP address on the transit network which has been assigned to the frame processing apparatus 20 - 22 as the tunneling destination.
  • the local address refers to the MAC address of the terminal 30 - 35 connected to the local network 11 - 13 under the control of that frame processing apparatus 20 - 22 .
  • the remote address refers to the MAC address of the terminal 30 - 35 connected to the local network 11 - 13 under the control of the frame processing apparatus 20 - 22 identified by the tunneling destination address.
  • the destination processing unit 201 , 211 , or 221 transmits the Ethernet frame to the local network 11 - 13 through the NIC unit 206 , 216 , or 226 .
  • the destination processing unit 201 , 211 , or 221 does not change the destination IP address even if the higher layer is IP.
  • the destination processing unit 201 , 211 , or 221 may generate and transmit an Ethernet frame whose destination IP address is designated as a broadcast address or a multicast address. This is for the purpose of preventing a situation in which an address-converted packet is not processed because an IP packet that should be delivered with a multicast address is delivered with a unicast address in home information appliances based on the use of IP multicast.
  • an IP address may be converted into a unicast address.
  • the filter unit 203 , 213 , or 223 of the frame processing apparatus 20 - 22 When the filter unit 203 , 213 , or 223 of the frame processing apparatus 20 - 22 receives a data link layer frame from the local network 11 - 13 through the NIC unit 206 , 216 , or 226 , it retrieves data from the table unit 205 , 215 , or 225 with using the destination MAC address and the source MAC address of the frame as keys for the remote address and the local address.
  • the filter unit 203 , 213 , or 223 retrieves data from the table unit 205 , 215 , or 225 with using the source MAC address as a key for the local address.
  • the filter unit 203 , 213 , or 223 outputs the frame to the encapsulation unit 204 , 214 , or 224 . Otherwise, the filter unit 203 , 213 , or 223 discards the frame.
  • the decapsulation unit 202 , 212 , or 222 of the frame processing apparatus 20 - 22 receives an encapsulated IP packet from the transit network 10 through the NIC unit 207 , 217 , or 227 , then decapsulates the IP packet to restore an Ethernet frame, and outputs the frame to the destination processing unit 201 , 211 , or 221 .
  • the encapsulation unit 204 , 214 , or 224 of the frame processing apparatus 20 - 22 retrieves data from the table unit 205 , 215 , or 225 with using the source MAC address of the frame as a key for the local address and encapsulates the frame into one or more IP packets whose destination IP addresses are set to be tunneling destination addresses of one or more matched sets.
  • the encapsulation method and the decapsulation method used in the encapsulation units 204 , 214 , and 224 and the decapsulation units 202 , 212 , and 222 , respectively, may be either one of EtherIP, Ethernet over HTTPS, Ethernet over IPsec, L2TP, Ethernet over UDP, and Ethernet over TCP,
  • the encapsulation unit 204 , 214 , or 224 and the decapsulation unit 202 , 212 , or 222 form a tunneling part.
  • the NIC unit 206 , 216 , or 226 of the frame processing apparatus 20 - 22 is connected to the local network 11 - 13 , and the NIC unit 207 , 217 , or 227 is connected to the transit network 10 .
  • Each of the NIC units 206 , 216 , and 226 connected respectively to the local networks 11 - 13 holds a MAC address as an identifier used in the local network 11 - 13 , transmits Ethernet frames received from the destination processing unit 201 , 211 , or 221 to the local network 11 - 13 , and transmits Ethernet frames received from the local network 11 - 13 to the filter unit 203 , 213 , or 223 .
  • Each of the NIC units 207 , 217 , and 227 connected to the transit network 10 holds an IP address as an identifier used in the transit network 10 and transfers IP packets between the tunneling part and the transit network 10 .
  • terminals including the terminal 30 , the terminal 32 , the terminal 33 , and the terminal 34 form one communication group and that the table units 205 , 215 , and 225 of the frame processing apparatuses 20 , 21 , and 22 prestore the following data.
  • the table unit 205 of the frame processing apparatus 20 prestores three sets of addresses including (the MAC address a of the terminal 30 , the MAC address c of the terminal 32 , the IP address B of the frame processing apparatus 21 ), (the MAC address a of the terminal 30 , the MAC address d of the terminal 33 , the IP address B of the frame processing apparatus 21 ), and (the MAC address a of the terminal 30 , the MAC address e of the terminal 34 , the IP address C of the frame processing apparatus 22 ).
  • the table unit 215 of the frame processing apparatus 21 prestores four sets of addresses including (the MAC address c of the terminal 32 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ), (the MAC address c of the terminal 32 , the MAC address e of the terminal 34 , the IP address C of the frame processing apparatus 22 ), (the MAC address d of the terminal 33 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ), and (the MAC address d of the terminal 33 , the MAC address e of the terminal 34 , the IP address C of the frame processing apparatus 22 ).
  • the table unit 225 of the frame processing apparatus 22 prestores four sets of addresses including (the MAC address e of the terminal 34 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ), (the MAC address e of the terminal 34 , the MAC address c of the terminal 32 , the IP address B of the frame processing apparatus 21 ), and (the MAC address e of the terminal 34 , the MAC address d of the terminal 33 , the IP address B of the frame processing apparatus 21 ).
  • the filter unit 203 receives an input of the frame. Since the destination MAC address has not been designated as a multiple address (Step S 11 ), the filter unit 203 retrieves data from the table unit 205 with using the MAC address c of the terminal 32 , which is the destination MAC address of the frame, and the MAC address a of the terminal 30 , which is the source MAC address of the frame, as keys for the local address and the remote address (Step S 12 ). A set of (the MAC address a of the terminal 30 , the MAC address c of the terminal 32 , the IP address B of the frame processing apparatus 21 ) is found after the retrieval, Accordingly, the filter unit 203 outputs the frame to the encapsulation unit 204 (Step S 13 ).
  • the encapsulation unit 204 receives an input of the frame. Since the destination MAC address of the frame has not been designated as a multiple address, the encapsulation unit 204 retrieves data from the table unit 205 with using the MAC address c of the terminal 32 , which is the destination MAC address of the frame, and the MAC address a of the terminal 30 , which is the source MAC address of the frame, as keys for the local address and the remote address. Then a set of (the MAC address a of the terminal 30 , the MAC address c of the terminal 32 , the IP address B of the frame processing apparatus 21 ) is found. Accordingly, the encapsulation unit 204 encapsulates the frame into an IP packet whose the destination IP address is set to be the IP address B of the frame processing apparatus 21 and outputs it to the NIC unit 207 (Step S 14 ).
  • the NIC unit 207 receives an input of the IP packet and transmits it to the transit network 10 (Step S 15 ).
  • the transit network 10 transmits the IP packet to the frame processing apparatus 21 , which is designated as the destination IP address B.
  • the frame processing apparatus 21 receives the IP packet with the NIC unit 217 and outputs it to the decapsulation unit 212 (Step S 1 in FIG. 4 ).
  • the decapsulation unit 212 decapsulates the IP packet and outputs the restored frame to the destination processing unit 211 (Step S 2 ).
  • the destination processing unit 211 receives an input of the frame and outputs the frame to the NIC unit 216 because its destination MAC address c has not been designated as a multiple address (Step S 3 ).
  • the NIC unit 216 transmits the inputted frame to the local network 12 (Step S 4 ).
  • the local network 12 transmits the frame to the terminal 32 , which corresponds to the destination MAC address c of the received frame.
  • the terminal 32 receives the frame Conversely, when an Ethernet frame whose destination MAC address has been set to be the MAC address a of the terminal 30 is transmitted from the terminal 32 , a similar operation is performed, so that the terminal 30 receives the frame.
  • Ethernet frame When an Ethernet frame whose destination MAC address has been designated as a multiple address is transmitted from the terminal 30 , the Ethernet frame is received by the NIC unit 206 of the frame processing apparatus 20 and outputted to the filter unit 203 (Step S 10 in FIG. 5 ).
  • the filter unit 203 receives an input of the frame. Since the destination MAC address has been designated as multiple address (Step S 11 ), the filter unit 203 retrieves data from the table unit 205 with using the MAC address a of the terminal 30 , which is the source MAC address of the frame, as a key for the local address (Step S 16 ).
  • the filter unit 203 outputs the frame to the encapsulation unit 204 (Step S 17 ).
  • the encapsulation unit 204 receives an input of the frame. Since the destination MAC address of the frame has been designated as a multiple address, the encapsulation unit 204 retrieves data from the table unit 205 with using the MAC address a of the terminal 30 , which is the source MAC address of the frame, as a key for the local address.
  • the encapsulation unit 204 encapsulates the frame into two packets including an IP packet whose destination IP address is set to be the IP address B of the frame processing apparatus 21 and an IP packet whose destination IP address is set to be the IP address C of the frame processing apparatus 22 . Then the encapsulation unit 204 outputs those packets to the NIC unit 207 (Step S 19 ).
  • the NIC unit 207 receives an input of the two IP packets and transmits the respective packets to the transit network 10 (Step S 20 ).
  • the transit network 10 transmits to the frame processing apparatus 21 the IP packet addressed to the destination IP address B and transmits to the frame processing apparatus 22 the IP packet addressed to the destination IP address C.
  • the frame processing apparatus 21 receives the IP packet with the NIC unit 217 and outputs it to the decapsulation unit 212 (Step S 1 in FIG. 4 ).
  • the decapsulation unit 212 decapsulates the IP packet and outputs the restored frame to the destination processing unit 211 (Step S 2 ).
  • the destination processing unit 211 receives an input of the frame. Since the destination MAC address has been designated as a multiple address (Step S 3 ), the destination processing unit 211 retrieves data from the table unit 215 with using the MAC address a of the terminal 30 , which is the source MAC address of the frame, as a key for the remote address (Step S 5 ). Two sets of (the MAC address c of the terminal 32 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ) and (the MAC address d of the terminal 33 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ) are found (Step S 6 ).
  • the destination processing unit 211 generates two frames including a frame in which the destination MAC address of the frame is replaced with the MAC address c of the terminal 32 and a frame in which the destination MAC address of the frame is replaced with the MAC address d of the terminal 33 (Step S 7 ) and outputs the respective frames to the NIC unit 216 .
  • the NIC unit 216 transmits the respective inputted frames to the local network 12 (Step S 8 ).
  • the local network 12 transmits the received frames to the terminal 32 and the terminal 33 , respectively.
  • Each of the terminal 32 and the terminal 33 receives the frame.
  • the frame processing apparatus 22 receives the IP packet with the NIC unit 227 and outputs it to the decapsulation unit 222 (Step S 1 in FIG. 4 ).
  • the decapsulation unit 222 decapsulates the IP packet and outputs the restored frame to the destination processing unit 221 (Step S 2 ).
  • the destination processing unit 221 receives an input of the frame. Since the destination MAC address has been designated as a multiple address (Step S 3 ), the destination processing unit 221 retrieves data from the table unit 225 with using the MAC address a of the terminal 30 , which is the source MAC address of the frame, as a key for the remote address (Step S 5 ).
  • Step S 6 Since a set of (the MAC address e of the terminal 34 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ) is found (Step S 6 ), the destination processing unit 221 generates a frame in which the destination MAC address of the frame is replaced with the MAC address e of the terminal 34 (Step S 7 ) and outputs the generated frame to the NIC unit 226 .
  • the NIC unit 226 transmits the inputted frame to the local network 13 (Step S 8 ).
  • the local network 13 transmits the frame to the terminal 34 , which corresponds to the destination MAC address e of the received frame.
  • the terminal 34 receives the frame.
  • a multiple-addressed frame issued from the terminal 30 is respectively received by the terminals that correspond to the remote addresses c, d, and e stored in the table unit 205 , i.e., the terminal 32 , the terminal 33 , and the terminal 34 .
  • the terminal 31 also receives this multiple-addressed frame, no particular problem arises because the terminal 31 is connected to the same local network 11 as the terminal 30 .
  • the Ethernet frame is received by the NIC unit 206 of the frame processing apparatus 20 (Step S 10 in FIG. 5 ) and outputted to the filter unit 203 .
  • the filter unit 203 receives an input of the frame. Since the destination MAC address has been designated as a multiple address (Step S 11 ), the filter unit 203 retrieves data from the table unit 205 with using the MAC address b of the terminal 31 , which is the source MAC address of the frame, as a key for the local address (Step S 16 ). In this case, no sets are found to be matched (Step S 17 ). Accordingly, the filter unit 203 discards the frame.
  • the terminals 30 - 35 which are separated by the transit network 10 through which data link layer frames cannot directly be received or transmitted, and which cannot utilize VLAN, tunneling means, or the like, can directly receive data link layer frames from and transmit data link layer frames to each other. Furthermore, according to the present invention, other unauthorized terminals are prevented from processing data link layer frames transmitted through the transit network 10 .
  • the present exemplary embodiment is the same as the first exemplary embodiment of the present invention except that at least one terminal 36 is connected to the transit network 10 operable to communicate with using IP packets, such as the Internet or a regional IP network.
  • IP packets such as the Internet or a regional IP network.
  • the terminal 36 has a NIC unit 367 connectable to the transit network 10 , a decapsulation unit 362 operable to decapsulate an encapsulated IP packet inputted from the NIC unit 367 to derive an Ethernet frame, and an encapsulation unit 364 operable to encapsulate an Ethernet frame into an IP packet and output the IP packet to the NIC unit 367 .
  • the NIC unit 367 holds an IP address G, which is an identifier used in the transit network 10 , and a MAC address g. With such configuration, the frame processing apparatuses 20 - 22 recognize the terminal 36 as a device similar to the frame processing apparatuses.
  • the table unit 205 of the frame processing apparatus 20 in the present exemplary embodiment stores four sets of addresses including (the MAC address a of the terminal 30 , the MAC address c of the terminal 32 , the IP address B of the frame processing apparatus 21 ), (the MAC address a of the terminal 30 , the MAC address d of the terminal 33 , the IP address B of the frame processing apparatus 21 ), (the MAC address a of the terminal 30 , the MAC address e of the terminal 34 , the IP address C of the frame processing apparatus 22 ), and (the MAC address a of the terminal 30 , the MAC address g of the terminal 36 , the IP address G of the terminal 36 ).
  • the table unit 215 of the frame processing apparatus 21 prestores six sets of addresses including (the MAC address c of the terminal 32 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ), (the MAC address c of the terminal 32 , the MAC address e of the terminal 34 , the IP address C of the frame processing apparatus 22 ), (the MAC address d of the terminal 33 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ), (the MAC address d of the terminal 33 , the MAC address e of the terminal 34 , the IP address C of the frame processing apparatus 22 ), (the MAC address c of the terminal 32 , the MAC address g of the terminal 36 , the IP address G of the terminal 36 ), and (the MAC address d of the terminal 33 , the MAC address g of the terminal 36 , the IP address G of the terminal 36 ), and (the MAC address d of the terminal 33 , the MAC
  • the table unit 225 of the frame processing apparatus 22 prestores four sets of addresses including (the MAC address e of the terminal 34 , the MAC address a of the terminal 30 , the IP address A of the frame processing apparatus 20 ), (the MAC address e of the terminal 34 , the MAC address c of the terminal 32 , the IP address B of the frame processing apparatus 21 ), (the MAC address e of the terminal 34 , the MAC address d of the terminal 33 , the IP address B of the frame processing apparatus 21 ), and (the MAC address e of the terminal 34 , the MAC address g of the terminal 36 , the IP address G of the terminal 36 ).
  • the terminal 36 can communicate directly with the terminals 30 , 32 , 33 , and 34 in the same group in the respective local networks 11 - 13 with use of Ethernet frames.
  • This configuration enables the terminal 36 , such as a PC carried away from home, to have direct remote access to a specified terminal in the home.
  • the frame processing apparatus according to the present invention can be implemented by hardware.
  • the frame processing apparatus according to the present invention may also implemented by a computer and a program.
  • the program is provided in a state such that it is stored in a computer-readable storage medium, such as a magnetic disk or a semiconductor memory.
  • the program is read by the computer, for example, when the computer is booted up.
  • the program controls operation of the computer so that the computer functions as the frame processing apparatus in the aforementioned exemplary embodiments and performs processes as exemplified in FIGS. 4 and 5 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)
US12/096,702 2005-12-09 2006-12-07 Frame processing method and frame processing apparatus Active 2028-07-24 US8102847B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005-355610 2005-12-09
JP2005355610 2005-12-09
PCT/JP2006/324885 WO2007066814A1 (fr) 2005-12-09 2006-12-07 Méthode de traitement de trame et dispositif de traitement de trame

Publications (2)

Publication Number Publication Date
US20090245251A1 US20090245251A1 (en) 2009-10-01
US8102847B2 true US8102847B2 (en) 2012-01-24

Family

ID=38122951

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/096,702 Active 2028-07-24 US8102847B2 (en) 2005-12-09 2006-12-07 Frame processing method and frame processing apparatus

Country Status (4)

Country Link
US (1) US8102847B2 (fr)
JP (1) JP4863015B2 (fr)
CN (1) CN101326770A (fr)
WO (1) WO2007066814A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130041672A1 (en) * 2010-04-13 2013-02-14 Stefan DOEHLA Method and encoder and decoder for sample-accurate representation of an audio signal
US20160231939A1 (en) * 2015-02-06 2016-08-11 Liqid Inc. Tunneling of storage operations between storage nodes
US9876706B2 (en) 2013-12-24 2018-01-23 Hitachi Metals, Ltd. Relay system and switching device for a layer 3 network

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4415036B2 (ja) * 2007-08-17 2010-02-17 株式会社日立コミュニケーションテクノロジー ネットワークシステム、ネットワーク装置及び中継装置
US8526436B2 (en) 2008-03-03 2013-09-03 Nec Corporation Address search method and packet processing device
US9516375B2 (en) 2008-12-02 2016-12-06 Orckit Ip, Llc Edge optimized transrating system
WO2010064182A2 (fr) * 2008-12-03 2010-06-10 Corrigent Systems Ltd Diffusion individuelle de contenu de multidiffusion
JP5521385B2 (ja) * 2009-04-27 2014-06-11 株式会社リコー 無線通信装置及び無線通信方法
JP5587085B2 (ja) * 2010-07-27 2014-09-10 パナソニック株式会社 通信システム、制御装置及び制御プログラム
CN104350716B (zh) * 2012-02-22 2018-02-02 日本电信电话株式会社 多通道传送装置以及多通道传送方法
KR102004926B1 (ko) * 2012-11-06 2019-07-29 한국전자통신연구원 캔-이더넷 프레임 변환장치 및 이의 프레임 변환 방법
JP2015032098A (ja) * 2013-08-01 2015-02-16 富士通株式会社 中継サーバおよびアクセス制御方法
FR3028371B1 (fr) * 2014-11-06 2016-11-18 Bull Sas Procede de surveillance et de controle deportes d'un cluster utilisant un reseau de communication de type infiniband et programme d'ordinateur mettant en oeuvre ce procede

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001024683A (ja) 1999-07-05 2001-01-26 Oki Electric Ind Co Ltd ネットワーク集線装置及びネットワーク
US20010012296A1 (en) * 2000-01-25 2001-08-09 Burgess Jon J. Multi-port network communication device with selective mac address filtering
JP2003298602A (ja) 2002-04-05 2003-10-17 Hitachi Cable Ltd ネットワーク機器
US20040158872A1 (en) * 2003-02-06 2004-08-12 Naofumi Kobayashi Data generating device
JP2004312564A (ja) 2003-04-09 2004-11-04 Nippon Telegr & Teleph Corp <Ntt> パケット変換方法、パケット変換装置およびパケット経路制御装置
JP2004363897A (ja) 2003-06-04 2004-12-24 Nec Corp Ipマルチキャスト配信システム、ストリーミングデータ配信方法、及びそのプログラム
US20060171407A1 (en) * 2005-01-31 2006-08-03 Bong-Cheol Kim Multicast packet processing apparatus and method
US20060274751A1 (en) * 2000-07-21 2006-12-07 Hitachi, Ltd. Multicast routing method and apparatus for routing multicast packet
US20070110248A1 (en) * 1999-02-05 2007-05-17 Yunzhou Li Method for key distribution in a hierarchical multicast traffic security system for an internetwork
US20090147718A1 (en) * 2006-06-27 2009-06-11 Hang Liu Method and Apparatus for Reliably Delivering Multicast Data
US7587591B2 (en) * 2003-10-31 2009-09-08 Juniper Networks, Inc. Secure transport of multicast traffic
US7849217B2 (en) * 2003-04-30 2010-12-07 Cisco Technology, Inc. Mobile ethernet
US7911946B2 (en) * 2003-11-17 2011-03-22 General Instrument Corporation Method and apparatuses for using packet data to manage a data stream in a broadband communications system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3962343B2 (ja) * 2003-02-19 2007-08-22 日本電信電話株式会社 マルチキャストデータ通信システム及びその方法
WO2006016698A1 (fr) * 2004-08-11 2006-02-16 Nec Corporation Système de réseau local virtuel et dispositif de noeud
US7969996B2 (en) * 2005-03-04 2011-06-28 Nec Corporation Tunneling apparatus and tunnel frame sorting method and its program for use therein

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070110248A1 (en) * 1999-02-05 2007-05-17 Yunzhou Li Method for key distribution in a hierarchical multicast traffic security system for an internetwork
JP2001024683A (ja) 1999-07-05 2001-01-26 Oki Electric Ind Co Ltd ネットワーク集線装置及びネットワーク
US20010012296A1 (en) * 2000-01-25 2001-08-09 Burgess Jon J. Multi-port network communication device with selective mac address filtering
US20060274751A1 (en) * 2000-07-21 2006-12-07 Hitachi, Ltd. Multicast routing method and apparatus for routing multicast packet
JP2003298602A (ja) 2002-04-05 2003-10-17 Hitachi Cable Ltd ネットワーク機器
US20040158872A1 (en) * 2003-02-06 2004-08-12 Naofumi Kobayashi Data generating device
JP2004312564A (ja) 2003-04-09 2004-11-04 Nippon Telegr & Teleph Corp <Ntt> パケット変換方法、パケット変換装置およびパケット経路制御装置
US7849217B2 (en) * 2003-04-30 2010-12-07 Cisco Technology, Inc. Mobile ethernet
JP2004363897A (ja) 2003-06-04 2004-12-24 Nec Corp Ipマルチキャスト配信システム、ストリーミングデータ配信方法、及びそのプログラム
US7587591B2 (en) * 2003-10-31 2009-09-08 Juniper Networks, Inc. Secure transport of multicast traffic
US7911946B2 (en) * 2003-11-17 2011-03-22 General Instrument Corporation Method and apparatuses for using packet data to manage a data stream in a broadband communications system
US20060171407A1 (en) * 2005-01-31 2006-08-03 Bong-Cheol Kim Multicast packet processing apparatus and method
US20090147718A1 (en) * 2006-06-27 2009-06-11 Hang Liu Method and Apparatus for Reliably Delivering Multicast Data

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130041672A1 (en) * 2010-04-13 2013-02-14 Stefan DOEHLA Method and encoder and decoder for sample-accurate representation of an audio signal
US9324332B2 (en) * 2010-04-13 2016-04-26 Fraunhofer-Gesellschaft Zur Foerderung Der Angewan Method and encoder and decoder for sample-accurate representation of an audio signal
US9876706B2 (en) 2013-12-24 2018-01-23 Hitachi Metals, Ltd. Relay system and switching device for a layer 3 network
US20160231939A1 (en) * 2015-02-06 2016-08-11 Liqid Inc. Tunneling of storage operations between storage nodes
US10198183B2 (en) * 2015-02-06 2019-02-05 Liqid Inc. Tunneling of storage operations between storage nodes
US10585609B2 (en) 2015-02-06 2020-03-10 Liqid Inc. Transfer of storage operations between processors

Also Published As

Publication number Publication date
US20090245251A1 (en) 2009-10-01
JP4863015B2 (ja) 2012-01-25
WO2007066814A1 (fr) 2007-06-14
CN101326770A (zh) 2008-12-17
JPWO2007066814A1 (ja) 2009-05-21

Similar Documents

Publication Publication Date Title
US8102847B2 (en) Frame processing method and frame processing apparatus
US10778464B2 (en) NSH encapsulation for traffic steering establishing a tunnel between virtual extensible local area network (VxLAN) tunnel end points (VTEPS) using a NSH encapsulation header comprising a VxLAN header whose VNI field has been replaced by an NSH shim
US8908704B2 (en) Switch with dual-function management port
JP6032278B2 (ja) Lan多重化装置
JP6106750B2 (ja) 仮想ネットワークおよび物理ネットワークを統合するための方法およびシステム
US8320374B2 (en) Method and apparatus for improved multicast routing
EP1949621B1 (fr) Procedes permettant d&#39;inserer des services de protocole internet dans un reseau d&#39;acces large bande
JP4780477B2 (ja) トンネリング装置及びそれに用いるトンネルフレーム振分方法並びにそのプログラム
US20070280230A1 (en) Method and system for service discovery across a wide area network
US20080235358A1 (en) Proxy Device, Network System, and Communication Method
RU2013103703A (ru) Инкапсуляция адреса асимметричной сети
WO2007066752A1 (fr) Dispositif relais et procede de connexion de dispositif client a un serveur
WO2015143879A1 (fr) Procédé pour envoyer un paquet de multidiffusion et commutateur
US11296985B2 (en) Normalized lookup and forwarding for diverse virtual private networks
CN100514929C (zh) 一种虚拟专用局域网的报文转发方法及装置
CN105490957A (zh) 一种负载分担方法及装置
KR20140024051A (ko) 다수의 인터페이스 네트워크 노드들에 대한 통신 메커니즘
CN105591897B (zh) Trill网络的mac地址同步方法及装置
US20060072618A1 (en) Packet-sending communication apparatus with forwarding-address automatic-recognition function, communication system and programs thereof
WO2019134637A1 (fr) Procédé, dispositif et système d&#39;interconnexion de superposition de virtualisation de réseau de type multiple
JP4996514B2 (ja) ネットワークシステム及び電文の転送方法
JP2009141665A (ja) パケット解析ブリッジ装置、パケット伝送システム、及びパケット伝送方法
JP4660346B2 (ja) ブリッジ装置及びブリッジ装置の制御方法
WO2006064561A1 (fr) Système de réseau virtuel privé
JP4317528B2 (ja) パケット転送処理方法および装置

Legal Events

Date Code Title Description
AS Assignment

Owner name: NEC CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KOIDE, TOSHIO;REEL/FRAME:021067/0227

Effective date: 20080604

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12